Develop Reference

Flask + Gunicorn + Nginx: Group www-data not installed

I am new to web services especially when it comes to deployment options.
I made a Flask application webserver, and now I would like to deploy it on production mode. I went for Gunicorn + Nginx options and followed this tutorial on Medium.
I installed nginx with:
~ >>> sudo pacman -S nginx
~ >>> sudo systemctl start nginx
~ >>> sudo systemctl enable nginx
Everything worked well, but when I created my systemd service webserver.service, the Group=www-data made the service exited, with status=216/GROUP.
Here is the webserver.service file:
[Unit]
Description=Gunicorn instance to serve the test server webserver
After=network.target
[Service]
User=user
Group=www-data
WorkingDirectory=/home/user/webserver/
Environment="PATH=/home/user/webserver/.env/bin"
ExecStart=/home/user/webserver/.env/bin/gunicorn --workers 3 --bind unix:app.sock -m 007 wsgi:app
[Install]
WantedBy=multi-user.target
Here is the full log:
~ >>> sudo systemctl start webserver
~ >>> sudo systemctl enable webserver
~ >>> sudo systemctl status webserver
● webserver.service - Gunicorn instance to serve the test server webserver
Loaded: loaded (/etc/systemd/system/webserver.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sun 2020-07-05 14:50:02 CEST; 20min ago
Main PID: 5464 (code=exited, status=216/GROUP)
juil. 05 14:50:02 user systemd[1]: Started Gunicorn instance to serve the test server webserver.
juil. 05 14:50:02 user systemd[5464]: webserver.service: Failed to determine group credentials: No such process
juil. 05 14:50:02 user systemd[5464]: webserver.service: Failed at step GROUP spawning /home/user/webserver/.env/bin/gunicorn: No such process
juil. 05 14:50:02 user systemd[1]: webserver.service: Main process exited, code=exited, status=216/GROUP
juil. 05 14:50:02 user systemd[1]: webserver.service: Failed with result 'exit-code'.
In fact, when I list all the groups, the www-data required by Nginx is missing:
~ >>> groups
sys network power docker lp wheel user
So obviously the above code won't work with www-data group.
What I tried
1. A different group
I tried to change the group option to Group=root, and it worked. I then finished the tutorial without any errors.
I thought it fixed my issue, but I couldn't access my server on my browser at http://www.my_domain_webserver.com, so I guess the www-data is mandatory to work with Nginx and GUnicorn.
My nginx location block:
server {
listen 80;
server_name my_domain_webserver.com www.my_domain_webserver.com;
location / {
include proxy_params;
proxy_pass http://unix:/home/user/webserver/app.sock;
}
}
2. Reloading Daemon
I also tried to re-execute daemon with systemctl daemon-reexec, but it didn't solved my issue.
My project tree is:
webserver
├── app.py
├── app.sock
└── wsgi.py
Why is the group www-data missing ?
Do I need to add special nginx.conf files ? I didn't modify any of them.
Thanks for your help !

You could try to add the folder to the "www-data" group:
sudo chown www-data /home/user/webserver
That helped for me...

nginx proxy_pass does not take affect

I want to deploy an flask app and followed a tutorial to get this done using nginx.
As the tutorial states I do as follows:
sudo nano /etc/nginx/sites-available/app
this file contains:
server {
listen 80;
server_name server_domain_or_IP;
location / {
include proxy_params;
proxy_pass http://unix:/home/pi/Desktop/python_scripts/internetdisplay/app.sock;
}
}
A systemd Unit service was created and is succesfully running. This created the app.sock file in the 'internetdisplay' directory. Systemctl status app.service results:
● app.service - Gunicorn instance to serve myproject
Loaded: loaded (/etc/systemd/system/app.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2019-11-10 21:16:49 CET; 16h ago
Main PID: 438 (gunicorn)
Tasks: 4 (limit: 2200)
Memory: 46.4M
CGroup: /system.slice/app.service
├─438 /usr/bin/python2 /usr/bin/gunicorn --workers 3 --bind unix:app.sock -m 007 wsgi:app
├─679 /usr/bin/python2 /usr/bin/gunicorn --workers 3 --bind unix:app.sock -m 007 wsgi:app
├─681 /usr/bin/python2 /usr/bin/gunicorn --workers 3 --bind unix:app.sock -m 007 wsgi:app
└─682 /usr/bin/python2 /usr/bin/gunicorn --workers 3 --bind unix:app.sock -m 007 wsgi:app
Nov 10 21:16:49 raspberrypi systemd[1]: Started Gunicorn instance to serve myproject.
Nov 10 21:16:57 raspberrypi gunicorn[438]: [2019-11-10 21:16:57 +0000] [438] [INFO] Starting gunicorn 19.9.0
Nov 10 21:16:57 raspberrypi gunicorn[438]: [2019-11-10 21:16:57 +0000] [438] [INFO] Listening at: unix:app.sock (438)
Nov 10 21:16:57 raspberrypi gunicorn[438]: [2019-11-10 21:16:57 +0000] [438] [INFO] Using worker: sync
Nov 10 21:16:57 raspberrypi gunicorn[438]: [2019-11-10 21:16:57 +0000] [679] [INFO] Booting worker with pid: 679
Nov 10 21:16:57 raspberrypi gunicorn[438]: [2019-11-10 21:16:57 +0000] [681] [INFO] Booting worker with pid: 681
Nov 10 21:16:57 raspberrypi gunicorn[438]: [2019-11-10 21:16:57 +0000] [682] [INFO] Booting worker with pid: 682
Then I link to sites-enabled and restart nginx:
sudo ln -s /etc/nginx/sites-available/app /etc/nginx/sites-enabled
sudo systemctl restart nginx
But surfing to http://localhost leads to an "this site can't be reached" error

It sounds like your location block is not set up correctly to find your resourses.
I assume that this is not the location of your unix socket:
/home/tasnuva/work/deployment/src/app.sock
Check the following:
systemd unit file is creating a socket in the expected location
the daemon is indeed running and the socket file exists
your nginx config is pointing to the correct socket file.
If none of this tells you anything, please update your question with appropriate error log entries.

Serving API via Flask / Gunicorn / Nginx: Connection refused

I'm having trouble getting gunicorn and Nginx to work together and allow me to offer a simple API via flask:
Locally, running gunicorn and getting responses from the server works fine:
gunicorn wsgi:app (start server)
[2019-06-11 23:12:48 +0000] [14615] [INFO] Starting gunicorn 19.9.0
[2019-06-11 23:12:48 +0000] [14615] [INFO] Listening at: http://127.0.0.1:8000 (14615)
[2019-06-11 23:12:48 +0000] [14615] [INFO] Using worker: sync
[2019-06-11 23:12:48 +0000] [14619] [INFO] Booting worker with pid: 14619
curl http://127.0.0.1:8000/predict (client call server for prediction)
output: "SERVER WORKS"
The problem arises when I try to use Nginx as well.
/etc/systemd/system/app.service
[Unit]
Description=Gunicorn instance to serve app
After=network.target
[Service]
User=root
Group=www-data
WorkingDirectory=/root/server
ExecStart=/usr/local/bin/gunicorn --bind unix:app.sock -m 007 wsgi:app
[Install]
WantedBy=multi-user.target
/etc/nginx/sites-available/app
server {
listen 80;
server_name [SERVER_IP_ADDRESS];
location / {
include proxy_params;
proxy_pass http://unix:/root/server/app.sock;
}
}
The status of my systemd looks fine:
systemctl status app
● app.service - Gunicorn instance to serve app
Loaded: loaded (/etc/systemd/system/app.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2019-06-11 23:24:07 UTC; 1s ago
Main PID: 14664 (gunicorn)
Tasks: 2 (limit: 4915)
CGroup: /system.slice/app.service
├─14664 /usr/bin/python /usr/local/bin/gunicorn --bind unix:app.sock -m 007 wsgi:app
└─14681 /usr/bin/python /usr/local/bin/gunicorn --bind unix:app.sock -m 007 wsgi:app
systemd[1]: Started Gunicorn instance to serve app.
gunicorn[14664]: [2019-06-11 23:24:07 +0000] [14664] [INFO] Starting gunicorn 19.9.0
gunicorn[14664]: [2019-06-11 23:24:07 +0000] [14664] [INFO] Listening at: unix:app.sock (14664)
gunicorn[14664]: [2019-06-11 23:24:07 +0000] [14664] [INFO] Using worker: sync
gunicorn[14664]: [2019-06-11 23:24:07 +0000] [14681] [INFO] Booting worker with pid: 14681
When I make a request to the server, I have trouble connecting:
curl http://[SERVER_IP_ADDRESS]:80/predict
<html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.14.0 (Ubuntu)</center>
</body>
</html>
EDIT:
I tried removing server_name [SERVER_IP_ADDRESS]; from /etc/nginx/sites-available/app. I now receive 'Welcome to nginx!' at http://SERVER_IP_ADDRESS, and '404 Not Found' at http://SERVER_IP_ADDRESS/predict
FYI, my flask app only has one route, which is '/predict'

It looks like you don't have Port 80 open, so here's a quick iptables command to do so:
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

Nginx: Failed to start A high performance web server and a reverse proxy server

I try to start this service but i can´t, the error below occur:
root#zabbix:/home/appliance# systemctl status nginx.service
nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2018-07-25 18:33:26 UTC; 1min 27s ago
Process: 30040 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=1/FAILURE)
Process: 30037 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Jul 25 18:33:25 zabbix nginx[30040]: nginx: [emerg] listen() to [::]:80, backlog 511 failed (98: Address already in use)
Jul 25 18:33:25 zabbix nginx[30040]: nginx: [emerg] listen() to 0.0.0.0:80, backlog 511 failed (98: Address already in use)
Jul 25 18:33:25 zabbix nginx[30040]: nginx: [emerg] listen() to [::]:80, backlog 511 failed (98: Address already in use)
Jul 25 18:33:26 zabbix nginx[30040]: nginx: [emerg] listen() to 0.0.0.0:80, backlog 511 failed (98: Address already in use)
Jul 25 18:33:26 zabbix nginx[30040]: nginx: [emerg] listen() to [::]:80, backlog 511 failed (98: Address already in use)
Jul 25 18:33:26 zabbix nginx[30040]: nginx: [emerg] still could not bind()
Jul 25 18:33:26 zabbix systemd[1]: nginx.service: Control process exited, code=exited status=1
Jul 25 18:33:26 zabbix systemd[1]: *******Failed to start A high performance web server*** and a reverse proxy server.****
Jul 25 18:33:26 zabbix systemd[1]: nginx.service: Unit entered failed state.
Jul 25 18:33:26 zabbix systemd[1]: nginx.service: Failed with result 'exit-code'.

You already have a process bound to the HTTP port 80. (Specially after upgrading systems! it will start apache2 by default)
So first try this:
sudo service apache2 stop
sudo systemctl restart nginx
If problem is not solved then run this command sudo lsof -i:80 to get a list of processes using the port and then stop or disable web server.
Try to stop the process which are using the port 80 using:
sudo fuser -k 80/tcp
sudo systemctl restart nginx
In some cases it may be some issues in the configuration file.
You can use nginx -t -c /etc/nginx/nginx.conf command to find any miss-configuration.
In some cases this error is caused by a default Nginx site already on port 80. Removing default config works if you don't need a default one!
sudo rm /etc/nginx/sites-enabled/default
sudo service nginx restart

For me this error was caused by a default nginx site already on port 80. Removing default site worked
sudo rm /etc/nginx/sites-enabled/default
sudo service nginx restart

You already have a process bound to the HTTP port 80.
You can run command sudo lsof -i:80 to get a list of processes using the port and then stop/disable web server.

Try to stop the process which are using the port 80:
sudo fuser -k 80/tcp

Try to stop the process which is using port 80:
sudo fuser -k 80/tcp
When you did restart using
sudo systemctl restart nginx

It may be some issues in the configuration file. You can use this
nginx -t -c /etc/nginx/nginx.confcommand to find any bugs in the configuration file. If you find the bugs resolve that run the sudo service nginx restart again. It will work.
Please check the reference here

In my experience, this error can be triggered in several different situations (which might have the same root, but are perceived as different scenarios).
Not only port 80
Depending on your nginx config, you should also try port 443:
sudo lsof -i:80
sudo lsof -i:443
You should be able to check your nginx listen ports in /etc/nginx/sites-enabled (under Debian)
Special case
In my case, there was an nginx instance running, that would block itself from restarting. It would not go down with sudo systemctl stop nginx. I had to use sudo killall nginx and could then use sudo systemctl start nginx.
Config error
I also experienced the exact same error message on a config error.
You can check your nginx config with /usr/sbin/nginx -c /etc/nginx/nginx.conf# (this will also test all virtual host files (/etc/nginx/sites-enabled`)

i had same issue, was because i have apache and nginx on same server !
so when i typed sudo reboot it didn't work because it started apache while am using nginx so i just run this two commands
sudo systemctl stop apache2
then
sudo systemctl start nginx
then sudo systemctl disable apache2
so next time i reboot not going to face same issue
help from aws services support

I had to use:
sudo killall nginx
And could then use;
sudo systemctl start nginx

For me stopping apache service solved the problem
sudo service apache2 stop

I had this problem too. I checked the /etc/nginx/site-available/default file and I have forgotten to close the bracket (syntax error).

Just restart the nginx server. It should resolve your problem
sudo systemctl restart nginx

I was using gunicorn with nginx, found that service was not active.
sudo systemctl enable gunicorn.socket
sudo systemctl start gunicorn.socket
sudo systemctl restart nginx
Worked for me.
if your gunicorn is active, please make sure it's working fine.
you can also go through the logs(errors) via nginx logs from
sudo tail -f /var/log/nginx/error.log

Certbot renew: nginx: [error] open() "/run/nginx.pid" failed (2: No such file or directory)

Certbot and nginx versions:
certbot installed using certbot.eff.org install guide.
Certbot version: 0.22.2
Nginx version: 1.10.3
Getting ssl certificates works fine:
certbot --nginx
But, in renewal of cerbot certificated
certbot renew --dry-run
nginx fails to start causing:
nginx: [error] open() "/run/nginx.pid" failed (2: No such file or directory)
I have tried changing post-hook and pre-hook in /etc/letsencrypt/renewal/*com.conf/
commenting installer=nginx
changing authenticator to nginx and standalone
Adding post and pre hooks in /etc/letsencrypt/renewal-hooks/pre/ and /etc/lestencrypt/renewal-hooks/post/ to stop and start nginx service.
Seems nginx is not starting properly or isn't stop properly.
after renewal completes nginx fails with (code=exited, status=1/FAILURE)
Nginx error log show:
Error while certbot renew:

Try to execute:
sudo service nginx restart
Then test your nginx configuration file(s) (until you see "nginx: configuration file /etc/nginx/nginx.conf test is successful")
sudo nginx -s reload -t
Pay attention on paths to certificates, and other stuff
and then reload configuration without -t option:
sudo nginx -s reload
It's not recommended to modify configuration files in /etc/letsencrypt/ but creating (if it doesn't exist) and modifying cli.ini file here is working for me. You can specify post-hook in this file once and it will work for all your certificates, see my current file:
# /etc/letsencrypt/cli.ini
max-log-backups = 0
authenticator = webroot
webroot-path = /var/www/html
post-hook = service nginx reload
text = True
I hope this will help future readers. Solution source is here (however the article is in Russian)

I had the same issue on Ubuntu 16.04
I've just removed post and pre hooks in /etc/letsencrypt/renewal/*.conf and changed authenticator to nginx - I had in two entries standalone.
And it is working now fine.
Edit:
Recommended way to update renewal config is to reissue new certificate using:
certbot -i nginx -d example.com -d www.example.com certonly

You can run this command line before run reload nginx.
sudo nginx -c /etc/nginx/nginx.conf
or
sudo nginx -c /usr/local/etc/nginx/nginx.conf
then you can start nginx nomaly
sudo nginx -s reload
Good luck.

I had the same error...
When I installed certbot, I followed the instructions and put in a cronjob (5 3 15 * *):
certbot renew --pre-hook "service nginx stop" --post-hook "service nginx start"
this morning nginx was dead, and the log showed
open() "/run/nginx.pid" failed (2: No such file or directory)
I did not connect the two, but do I understand that certbot triggers the nginx failure?

ps -ef | grep nginx, find all nginx process
sudo kill -9 xxx xxx xxx or sudo pkill nginx
sudo systemctl restart nginx
sudo nginx -t

I had this problem and followed a similar tack to those outlined here.
I had had certbot install a certificate, but it was in certonly --nginx mode, I supplied my own nginx serverblocks. certbot worked, but an nginx failure cast doubt on the accuracy of my provisioning.
This certbot call "restarts" nginx with a modified server block configuration, so it can answer the HTTP-01 challenges. I know this because when it fails, it will log, "nginx restart failed:" just before the bind() failures I'm about to show. My nginx server was down when provisioning succeeded.
I couldn't get systemctl or service to start it and systemd status nginx would only ever show "failed".
Whilst I could get nginx up, and serving, with nginx -s reload I wanted systemd to manage it for me.
No amount of systemctl {start|restart|stop|quit} nginx, would work. The status remained as failed and would show errors with bind():
Oct 07 10:04:13 HostXYZ systemd[1]: Starting A high performance web server and a reverse proxy server...
Oct 07 10:04:13 HostXYZ nginx[17096]: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Unknown error)
Oct 07 10:04:13 HostXYZ nginx[17096]: nginx: [emerg] bind() to [::]:80 failed (98: Unknown error)
Oct 07 10:04:13 HostXYZ nginx[17096]: nginx: [emerg] bind() to [::]:443 failed (98: Unknown error)
Oct 07 10:04:13 HostXYZ nginx[17096]: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Unknown error)
That would repeat in journalctl output, 4 or 5 times.
I checked the process and saw:
:~$ ps aux | grep nginx
root 12960 0.0 0.6 77216 9816 ? Ss Oct06 0:00 nginx: master process nginx -c /etc/nginx/nginx.conf
www-data 16944 0.0 0.5 77360 8604 ? S 08:43 0:00 nginx: worker process
That process, which appeared to be occupying the ports needed by my systemd service. My systemd service doesn't use that -c /etc/nginx/nginx.conf. It uses:
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
nginx -s stop, and quit would not rid me of the rogue process. Instead they both gave the error the OP had:
:~$ sudo nginx -s stop
nginx: [error] open() "/run/nginx.pid" failed (2: No such file or directory)
Both my systemd service unit and /etc/nginx/nginx.conf gave /run/nginx.pid as the PIDFile/pid. For some reason, /etc/nginx/nginx.conf wasn't creating it.
What I needed to do:
sudo killall nginx
sudo systemctl start nginx
That knocked out the other nginx service (I think it came from nginx -s reload but I couldn't shut it down by the corollary command) Which looked like this:
:~$ sudo killall nginx
:~$ ps aux | grep nginx
john 17140 0.0 0.1 4008 2004 pts/0 S+ 10:10 0:00 grep --color=auto nginx
:~$ sudo systemctl start nginx
:~$ sudo systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2022-10-07 10:10:25 UTC; 1s ago
...
:~$ ps aux | grep nginx
root 11481 0.0 0.1 76484 2588 ? Ss 10:10 0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
www-data 11482 0.0 0.2 76876 4284 ? S 10:10 0:00 nginx: worker process
:~$ cat /run/nginx.pid
11481